Identifying and specifying
requirements for offsite storage
of physical records
January 2009
© Crown copyright 2011
You may re-use this information (excluding logos) free of charge in any format or medium, under
the terms of the Open Government Licence. To view this licence, visit
nationalarchives.gov.uk/doc/open-government-licence or email psi@nationalarchives.gsi.gov.uk.
Where we have identified any third-party copyright information, you will need to obtain permission
from the copyright holders concerned.
This publication is available for download at nationalarchives.gov.uk.
Identifying and specifying requirements for offsite storage of physical records
1
2
3
INTRODUCTION.................................................................................................................................................... 4
1.1
PURPOSE ............................................................................................................................................................ 4
1.2
SCOPE ................................................................................................................................................................ 4
1.3
AUDIENCE............................................................................................................................................................ 5
1.4
ASSUMPTIONS...................................................................................................................................................... 5
HOW TO USE THIS DOCUMENT ......................................................................................................................... 6
2.1
DOCUMENT STRUCTURE ....................................................................................................................................... 6
2.2
TABLE STRUCTURE ............................................................................................................................................... 7
IDENTIFICATION AND CATEGORISATION OF RECORDS ............................................................................... 9
3.1
IDENTIFYING RECORD CATEGORIES .....................................................................................................................10
3.2
NEEDS OF THE RECORD CATEGORIES ..................................................................................................................12
3.3
ASSOCIATED INDEXES AND FINDING AIDS .............................................................................................................15
3.4
VITAL RECORDS .................................................................................................................................................16
4
DEVELOPING DISPOSAL POLICY ...................................................................................................................18
4.1 DEVELOPING DISPOSAL CRITERIA ...........................................................................................................................19
4.2
ALLOCATION AND EXECUTION OF DISPOSAL SCHEDULES .......................................................................................22
4.3 MANAGING DISPOSAL ............................................................................................................................................23
5
6
7
SECURITY MANAGEMENT ................................................................................................................................26
5.1
SPECIFYING THE REQUIRED SECURITY .................................................................................................................26
5.2
ACTIVE MANAGEMENT OF SECURITY TO ELECTRONIC SYSTEMS .............................................................................30
ACCESS AND RETRIEVAL OF RECORDS .......................................................................................................31
6.1
IDENTIFYING PATTERNS OF USE ...........................................................................................................................32
6.2
ESTABLISHING THE OFFSITE STORE’S LOCATION ...................................................................................................36
6.3
GUIDANCE ON ACCESS AND RETRIEVAL................................................................................................................38
TRANSPORT OF RECORDS ..............................................................................................................................39
7.1
TRACKING THE RECORDS ....................................................................................................................................40
7.2 CUSTODY AND CARE OF RECORDS IN TRANSIT ........................................................................................................44
8
9
MODES OF STORAGE .......................................................................................................................................48
8.1
ASSESSING MODES OF STORAGE.........................................................................................................................49
8.2
VULNERABLE RECORDS ......................................................................................................................................52
ENVIRONMENTAL CONDITIONS ......................................................................................................................53
03 February 2012
Page 2 of 67
Identifying and specifying requirements for offsite storage of physical records
10
11
9.1
SURVEYING THE EXTERNAL ENVIRONMENT OF THE STORE ....................................................................................54
9.2
SURVEYING THE ENVIRONMENT OF THE INTERIOR OF THE STORE ..........................................................................56
AUDITING AND REPORTING.............................................................................................................................57
10.1
MONITORING USE OF THE OFFSITE STORE .......................................................................................................58
10.2
REPORTING INCIDENTS AND MAINTAINING COMMUNICATIONS ............................................................................59
EXIT STRATEGY .................................................................................................................................................61
11.1
12
13
DEVELOPING THE EXIT STRATEGY ...................................................................................................................62
PURCHASING .....................................................................................................................................................64
12.1
ASSESSING THE CONTRACTOR ........................................................................................................................64
12.2
PURCHASING FRAMEWORKS ...........................................................................................................................65
12.3
SHARED SERVICES .........................................................................................................................................65
12.4
UNDERSTANDING CONTRACTORS’ CHARGING MODELS .....................................................................................65
FURTHER READING ..........................................................................................................................................66
13.1
LEGISLATION .................................................................................................................................................66
13.2
RELEVANT STANDARDS AND OTHER REFERENCES ............................................................................................66
03 February 2012
Page 3 of 67
Identifying and specifying requirements for offsite storage of physical records
1
Introduction
1.1
Purpose
The purpose of this guide is to cover the main issues an organisation needs to address when
defining its required service level from an offsite storage contract for current or semi-current
records offsite with a commercial contractor.
The document can either be used as a starting point for developing a specification or as a means
to assess, validate and refine pre-existing requirements. You can refer to any of the sections as
required – this guidance should not be treated as a rigid document that must be read in one
sitting.
The term physical record is used here to include not only paper files, but any physical artefact
that contains, or provides, information (for example books, laboratory samples, CDs or plans).
1.2
Scope
This guide covers twelve important areas that must be considered when an organisation is in the
process of developing an understanding of their requirements from an offsite store. Each section
will propose questions that cover:
identification of record categories
development of disposal policy
security management
access and retrieval of records
transport of records
modes of storage
environmental conditions
auditing and reporting
exit strategy
purchasing
It is not intended to cover the specification and provision of an archive facility for permanent
preservation of physical records; this is a very different exercise.
03 February 2012
Page 4 of 67
Identifying and specifying requirements for offsite storage of physical records
Primarily intended for the initial (or a first time) contract, the principles of this guide are also valid
for organisations that have established such facilities but are now preparing to tender for a new
provision.
This guidance document does not prescribe how an organisation should tender and contract an
offsite store nor does it aim to provide comprehensive advice on this topic; each organisation will
use the procurement methodology favoured by their sector. Further considerations about
purchasing and procurement are covered in section 12 Procurement.
In some circumstances this may be best provided via a consortium or shared service model.
Organisations which are in a position to use such facilities may achieve an economy of scale
which would not otherwise be achievable.
1.3
Audience
The principle audience is any public body from a large organisation, such as a local authority, to
smaller organisations, such as a schools or general practices. Other organisations beyond the
public sector may also find the guidance useful.
Contracting and managing an offsite store may not be restricted to record management
specialists. So this guide is intended for use by any personnel undertaking the development of a
business case or specification for outsourced offsite storage offered by commercial third parties.
We recommend that the organisation engages with either its own expertise or with external
record/information management expertise to ensure that the final specification will provide an
appropriate offsite management service and does not compromise good record management
practice.
1.4
Assumptions
We have assumed that the offsite store will normally be owned and managed by a third party
rather than being established by the organisation, and that the organisation will need to specify
levels of service in a contract with a selected storage provider. However, note that all the
considerations are applicable if an organisation is considering developing its own service or
buying into an established contract to form a shared service.
03 February 2012
Page 5 of 67
Identifying and specifying requirements for offsite storage of physical records
This guide assumes that the applicable legal and regulatory requirements will be part of every
standard contract such as public procurement rules and health and safety obligations. As such
these areas will not be analysed in detail. Users are recommended to seek professional advice
on these matters.
This guide it should not be used as the sole basis for developing a formal contract. Each
organisation must take account of its own operating environment and the current protocols for
procurement and contract management. Essentially this guidance is a tool to aid assessment of
potential contractual need for an offsite storage facility as part of its normal records management
processes.
2
How to use this document
2.1
Document structure
The three main sections of this document are:
Management information – which combines the considerations essential to identifying
records and establishing their management needs
Specifying the service – which is separated into six ‘modules’ covering the specification of
the required level of service, and the storage expectation for an offsite store
Purchasing – which expands upon the responsibility of organisation to procure the service
using the appropriate guidance and legislative rules relevant to their purchasing
framework
Each section under Management information and Specifying the service covers different aspects
of specifying an offsite storage service. In some circumstances a consideration may not be
applicable but the organisation should be clear that it has identified and indicated where this is
the case.
03 February 2012
Page 6 of 67
Identifying and specifying requirements for offsite storage of physical records
Document Structure
Management Information
This is to be completed in advance
of later sections so that the
questions in them can be accurately
addressed without having to review
what information is or is not known.
Establish Record Categories
Establish / Allocate Disposal
Schedules
Prescribe Security Controls
Establish Access & Retrieval
Services
Prescribe Modes of Transport
Specifying the Service
This section can be completed
depending on the level of
importance an organisation places
on each section. All sections must
be complete.
Prescribe Modes of Storage
Identify Any Specific
Environmental Conditions
Establish Auditing & Reporting
Systems
Establish Exit Strategies
Procurement
The procurement phase will very
depending on the organisation,
as such this section will be brief
and not contain requirements.
2.2
Procurement
Table structure
This table identifies each cell of a consideration table along with a brief explanation of the
associated content.
No: 1.0
Consideration:
The unique
The text for each consideration is a brief statement identifying an issue that must
number for
be considered prior to entering an agreement with a contractor
each
consideration
03 February 2012
Page 7 of 67
Identifying and specifying requirements for offsite storage of physical records
Rationale:
The rationale provides a reasoning and context for each consideration. It also indicates the
benefit of implementing the consideration.
Where appropriate the rationale will also indicate any associated risks of not including a
consideration into a specification for an offsite store.
Questions:
Q1.
The questions prompt the reader on issues they should address to meet the needs of a
consideration. Every question has a unique number and corresponding numbered
outcome.
When answering each question the organisation must carefully consider the effect of its
response. In particular, where the answer is ‘no’, consider the impact this could have on
any specification for offsite storage.
Each organisation must make risk assessments ensuring that actions related to the
consideration are properly informed and follow the organisation's protocol.
Outcomes:
A1.
Corresponding numbered outcomes are included not as ‘the answer’ but as a prompt
towards the preferred way a question should be addressed.
Each outcome aims to provide some reasoning and discussion points to help the reader
determine their ability to address the consideration.
Outcomes may indicate what is at stake if the question remains unanswered or answered
negatively.
The risks associated with each consideration will vary for each organisation. This section
should improve understanding of the potential issues involved so that key decisions can
be made to the benefit of the organisation.
Management information
Writing the specification for an offsite store can be a significant undertaking. To ensure that the
required delivery services and storage capacity are provided, you must be as accurate as
possible in determining the exact nature and extent of records to be moved offsite.
03 February 2012
Page 8 of 67
Identifying and specifying requirements for offsite storage of physical records
3
Identification and categorisation of records
In this guide ‘record category’ refers to any logical sequence, set, or series of records. Records
may be classified by function, organisation, case number, project name, physical format or
retention periods.
The purpose of identifying and creating record categories is to enable the organisation to form
logical arrangements of records which have clear management and access rules associated with
them.
If an offsite storage specification is to be fit for purpose it is essential that categories of records,
and their characteristics, are identified and articulated clearly.
Identifying Record Categories
Reassess all record
categories to
determine any
special access and/
or storage needs.
Start
Have all record
categories been
identified?
Develop and allocate
appropriate record
categories.
Yes
No
Allocate a
responsible team
(user) to locate and
identify all indexes
task.
Have any specific
needs for record
categories been
identified?
No
Yes
No
All
indexes identified for
records due to be sent
offsite?
Yes
Allocate a
responsible team
(user) to locate and
identify all Vital
Records.
No
Have all Vital Records
been identified?
Yes
End
03 February 2012
Page 9 of 67
Identifying and specifying requirements for offsite storage of physical records
3.1
Identifying record categories
Understanding and identifying the records an organisation possesses is vital to the success of
specifying the services required from an offsite store.
The process of record categorisation may be lengthy but if it is not done there is very little chance
that records can be managed effectively by the offsite contractor. This can lead to the
organisation paying for a service that cannot provide any real business support in terms of
managing its information.
No: 1.0
Consideration:
Identify the categories of record that require offsite storage
Rationale:
A record category is any grouping of records defined by characteristics that assist with their
identification and management.
An organisation must establish its own criteria for categorising its records based on the most
practical way they can be managed offsite.
If existing, or proposed, record categories do not enable effective management via an offsite
store then they will need to be reconsidered prior to sending records offsite.
For example, the physical format of a record is not sufficient criteria to understand how records
can be accessed and managed offsite. Other characteristics such as retention period, function
and purpose are needed to ensure effective record categorisation.
The assessment and development of record categories is a timely and specialist task. Where
available the organisation must look to record management expertise to perform this task.
If expertise is not available within an organisation, it must seek external expertise to perform this
function.
Questions:
Q1.
Are all records associated with a known record category?
Q2.
What are the characteristics used to define record category (for example function and
format)?
Q3.
Are owners and users of record categories known or identified?
Q4.
Are the current locations of all records in a record category known?
Q5.
Is the volume of records in each category known and verifiable (for example number of
files and linear measurement scale)?
Q6.
Do any record categories require specific security provisions?
Q7.
Do any record categories include vulnerable or fragile records?
03 February 2012
Page 10 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A1.
If the organisation cannot develop record categories it places itself at a significant risk as
the records cannot be identified as a group or managed effectively. Categorised records
will deliver benefits including (but not limited to):
timely disposal of records in accordance with agreed retention periods
avoidance of storage costs for records that should have been destroyed
ability to track and locate business critical information at any time
A2.
Awareness of a record category’s profile is important as it may detail the physical nature
of a record. This will be of particular importance for heavy records or oversized records,
such as maps, which need specific storage requirements to protect them.
A3.
Typically the owner of a record category is responsible for authorising access to the
records (in many cases a specific branch of an organisation may be the ‘owner’ for a
particular category).
Establishing the appropriate authority figures and likely users of the records will inform
certain decision making, access controls, as well as the anticipated level of service
required for each record category. This will provide specifications for access that reflect
the actual business need and will also assist in controlling overall costs. If this information
is not identified it could cause:
unauthorised access to records
inability to assess the status of records in a timely manner
costly uncontrolled retrievals for review of records that lack management information
A4.
Knowledge of the current location of records in each record category will identify the
current business need (such as multiple geographical location sites) and related transport
overheads.
If the location of all records per record category is not known, it will be difficult to define
the required level of use and transport for records.
A5.
The volume of each record category and any known accrual rate can ensure an accurate
calculation of the overall storage requirement. Where this is not known storage figures
can be miscalculated resulting in either excess cost or a lack of future storage capacity.
03 February 2012
Page 11 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A6.
An organisation may choose to sub-divide record categories by a security provision such
as protective markings or Government Security Classifications (Unclassified, Restricted
and so on).
If a record category calls for increased, or specific, security provisions the organisation
will need to decide if the records can go offsite. Particularly where the records contain
sensitive or personal data.
A7.
Any fragile or vulnerable records must be provided with adequate protection when stored.
Sufficient provision must be made for fragile records stored offsite. This includes training
for the contractor’s staff on handling the records correctly.
Further information on specifying storage for vulnerable records is available in section 8.2
Vulnerable records.
3.2
Needs of the record categories
Not all categories of record have the same storage and access requirements. An organisation
should consider the potential impact of both when developing a specification for an offsite store.
No: 1.1
Consideration:
Review record categories and develop criteria for how they may be organised offsite
Rationale:
Records in an offsite store can be organised in any number of ways.
For example, an organisation (and by extension the contractor) could choose to organise all
records within a record category by case number, retention period, a specific security
requirements depending on the record category.
The chosen means must be consistent and you must maintain them throughout the life of the
record category within the offsite store to ensure the ongoing management of the records.
Questions:
Q8.
Must the records continue to be organised in order (for example, by case number)?
Q9.
Are there categories of records that are required for frequent access?
Q10. Is there sufficient means to identify records subject to information requests during and
after a transition to offsite storage?
03 February 2012
Page 12 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A8.
Where physical format or environmental controls are not specific to a record category,
records can be more effectively stored by allowing a contractor to place records wherever
there is space.
This type of randomised storage using barcode tracking is the most typical means of
storage in commercial storage facilities as it provides greater storage efficiencies and
reduced costs. It has the additional benefit that sensitive records are not held in a single
space making it harder to identify them.
Conversely records stored in a rigid order will leave empty spaces on shelves that the
organisation still has to pay for.
Randomised storage needs to be assessed carefully. An organisation must be satisfied
that the contractor’s systems are suitably robust to cope if the tracking system fails. Where
records are not organised in a rigid manner it’s possible that it will take more time to locate
those records than records which have been stored in a logical sequence.
A9. A9.
Placing the most active material as close to the centre of operations as possible with the
lesser-used material further away could provide significant efficiencies within the offsite
store. If this information is available to the contractor they can allow for this and could
maximise the production of requested records.
Identifying less frequently accessed record categories could lead to cost savings in
storage, as the contractor can use denser packing on shelves (three boxes high and three
deep as opposed to more active records at one or two high and two deep to allow easier
access).
A10. All public bodies have a responsibility to respond to requests for information under the
Freedom of Information Act 2000, Environmental Information Regulations 2004, and Data
Protection Act 1998. Such requests could occur even during a relocation to an offsite
store and so it’s vital that requested information is available for review and where
applicable release.
You should consider it best practice that an organisation can always locate information,
irrespective of its current location.
03 February 2012
Page 13 of 67
Identifying and specifying requirements for offsite storage of physical records
No: 1.2
Consideration:
Identify any record categories requiring specific storage standards.
Rationale:
Within an organisation there may be categories of records that call for a specific standard of
storage. For example records needing storage with specific parameters for humidity, light and
so on. In such cases the organisation must discuss these requirements with a contractor to
ensure that the conditions can be provided.
In practice many organisations will not require specific storage facilities. However it is important
that the environment within the offsite store is controlled to ensure that the temperature and
humidity levels are kept to a moderate level.
Questions:
Q11. Do any categories of record require specialised environmental storage conditions?
Q12. Do any categories of record require specialised storage furniture?
Q13. Can the contractor provide the required storage for any special record categories?
Outcomes:
A11. Specialised storage environments require careful planning. The organisation should
articulate specific needs to a contractor prior to agreeing a contract ensure the specified
environment can be provided.
If this is not specified there is a risk of records deteriorating beyond use or a variation to
the contract to include the required conditions resulting in exceptional and punitive costs.
A12. Organisations should always consider the format of records when determining the best
method of protecting them whilst stored. Where specialised storage furniture (bespoke
shelving for maps) is required the organisation should provide detailed specifications
prior to agreeing a contractor.
Failure to do this may result in fragile records being stored in an inappropriate manner
leading to unacceptable incidence of damage.
A13. Providing the most effective type of storage for specific formats of records is essential to
their long-term preservation. Most contractors try to meet specific storage requirements if
they are informed prior to receiving the records.
Where a contractor cannot provide the required storage, the organisation must consider
alternative options for the record categories that require specialised storage
environments.
03 February 2012
Page 14 of 67
Identifying and specifying requirements for offsite storage of physical records
3.3
Associated indexes and finding aids
Finding aids for records provide an essential guide to what records are held, their owners, and
other key information. Inaccurate or out of date finding aids are one of the principal causes of
poor records. If the organisation does not review its finding aids prior to supplying them to a
contractor there is a significant risk that records may become lost, or inappropriately managed.
No: 1.3
Consideration:
Locate and assess all finding aids for every record category prior to sending records
offsite
Rationale:
An index is a useful tool in understanding a particular category of records. Organisations should
retain a record, or index, for every category of record.
It may be beneficial to supply a copy of any finding aids (indexes) for all records to the
contractor prior to the relocation of records to an offsite store. As a minimum provide an index of
any boxes including a list of their contents. This is crucial and should include, but is not limited
to:
record identifier (barcode or barcode of box it is registered in)
the record owner
retention period
allocated disposal schedule
dates record/file was opened and closed
links to other records
location of records
The organisation must ensure this information can be imported into any systems being used to
track the records held at the offsite store.
Questions:
Q14. Is there a finding aid for all records due to be sent offsite?
Q15. Does the finding aid accurately describe the records, and is it up to date?
Q16. Can the existing finding aid be extended, integrated or exported to work with or within an
external contractor’s systems?
03 February 2012
Page 15 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A14.
All categories of records must have a usable finding aid. Where absent, or insufficient,
you should develop finding aids as matter of priority. This may form an additional
requirement in the specification - it may be more efficient to instruct the chosen storage
contractor to undertake the necessary work.
Inability to identify records (and content) can significantly impact on:
ongoing business
response for information under the Freedom of Information Act
inability to locate personal data within a record collection
difficulty in executing timely disposal scheduling
maintenance of access controls to records
A15.
If the finding aids do not accurately describe the records through meaningful metadata it
could lead to lost time and money in re-cataloguing record categories and re-establishing
their management criteria.
This effort could be very costly to the organisation both in monetary and legal terms if
records are not managed correctly or become ‘lost’ in the system
A16.
Wherever possible indexes should be digital and importable into the system(s) used by
the contractor and organisation to track and manage records. This reduces the need for
duplicate information and helps ensure that there is a single authoritative dataset for
every record category
Finding aids are more valuable if they can be transferred/integrated into other systems.
Being able to move finding aid or index data into an online system may increases the
organisation’s overall ability to track and manage records when held internally, offsite or
shared with other organisations.
Reliance on physical finding aids (such as card indexes) can lead to significant loss of
information; a fire could destroy the entire finding aid which would impair the
organisation’s ability to fulfil its function.
3.4
Vital records
Vital records must be identified and managed with care. Without them an organisation may not
be able to effectively recover key business operations after a disaster. The organisation must
weigh up whether storage of vital records offsite is appropriate, and decide how to communicate
the importance of these records to the contractor.
03 February 2012
Page 16 of 67
Identifying and specifying requirements for offsite storage of physical records
No: 1.4
Consideration:
Identify categories of record to be stored offsite that are considered as vital records
Rationale:
Vital records are the essential records required for business continuity in the event of a
catastrophic event. Without them the organisation cannot re-establish itself and restart its core
functions.
It is essential that vital records are identified and given the necessary protection when held
offsite.
There is little point in an offsite store safeguarding records as ‘vital’ if they no longer contain the
required information. Periodically an organisation must review the currency of vital records to
ensure that they are still valid and up to date.
Questions:
Q17. Has the organisation identified its vital records?
Q18. Will any vital records be stored in the offsite store?
Q19. Have vital records stored offsite been identified to the contractor?
Outcomes:
A17.
If an organisation has not identified vital records prior to being sent offsite they may not
be retrieved as quickly as needed to help the business restart following a disaster. This
could lead to significant loss of service by the organisation.
A18.
Where vital records are stored in an offsite store they must be identified clearly and given
significant protection. A contractor can only do this where they are made aware of the
presence of vital records.
If an organisation is not willing to identify its vital records to an offsite storage provider
(perhaps for security reasons) it needs to consider how these records are accessed and
used so that their information is not accessible to unauthorised individuals.
A19.
Most offsite stores are able to provide significant security for any category of record that
requires an increased level of protection. However if the contractor is not made aware of
the presence of vital records it will not be able to manage them as the organisation
requires.
03 February 2012
Page 17 of 67
Identifying and specifying requirements for offsite storage of physical records
4
Developing disposal policy
Disposal, or disposition, of records is an important part of their lifecycle. It is essential that no
records are sent offsite without being assigned a current disposal schedule with procedures in
place for managing and executing disposals when due.
Failure to allocate and manage disposal schedules could significantly impact the management of
an offsite store. If an organisation is not able to clear records due for disposal then it cannot
make room for incoming records.
This will result in having to pay to store excess amounts of records. More significantly it could
expose the organisation to risk of contravening information legislation (the Freedom of
Information Act 2000).
Unless specified otherwise records should be appraised by the organisation before they are sent
offsite and later when the disposal schedule due date is reached. The organisation may decide
that more routine records can be appraised by the contractor prior to destruction or transfer. In
such cases there must be an agreement and system in place to prevent (or hold) the disposal
schedule on any record or group of records if required.
There is further guidance on developing disposal schedules at:
nationalarchives.gov.uk/information-management/projects-and-work/retention-disposal-schedules.htm
03 February 2012
Page 18 of 67
Identifying and specifying requirements for offsite storage of physical records
Developing Disposal Policy
Appraise records
categories and
allocate appropriate
disposal schedules.
Start
Is guidance
on record appraisal and
disposal scheduling
available?
Develop appropriate
guidance on record
appraisal and
disposal schedule
allocation.
Yes
No
Assign a responsible
team to the record
appraisal and disposal
management for the
records.
Do all
record categories have
an allocated disposal
schedule?
No
Yes
No
Is record
appraisal and disposal
management an
assigned task?
Yes
End
4.1 Developing disposal criteria
Clear and coherent disposal processes are built on disposal schedules that are realistic and can
be easily applied to a record category (the part of the description of a record category will be how
long the record must be retained).
03 February 2012
Page 19 of 67
Identifying and specifying requirements for offsite storage of physical records
No:
2.0
Consideration:
Develop and implement disposal schedules that clearly define the criteria for
disposing of every category of record
Rationale:
An essential aspect of managing records is identifying when to dispose of them (or transfer
them to another organisation, such as The National Archives).
An organisation can significantly improve the efficiency of an offsite store if disposal
schedules are allocated and used.
All record categories must have a defined disposal schedule. This can significantly reduce the
risk of records being sent offsite without a clearly defined (and actionable) set of disposal
criteria.
Where large numbers of records are stored with no disposal schedule the organisation could
pay for storing records where there may be no justification for their retention.
Questions:
Q20. Does the organisation have current disposal schedules for each record category?
Q21. Are users correctly allocating and executing disposal schedules?
Q22. Can the organisation identify records overdue for destruction?
Q23. Has the organisation identified records overdue for transfer to an archival body (such
as The National Archives or designated Place of Deposit)?
Q24. Does the organisation have a mechanism to review the relevance of its disposal
schedules in the future?
03 February 2012
Page 20 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A20.
As well as being good records management practice, establishing retention periods
prior to sending any records off site is a useful logistical tool.
If up to date disposal schedules are not available the organisation will store records
with incorrect disposal management criteria. This may result in significant extra costs
having to recall records and reappraise them in order to allocate an accurate disposal
schedule.
A21. The organisation must ensure that the disposal schedules are allocated appropriately
and managed effectively.
In some circumstances this may mean revising schedules, which are out of date or not
suitable for the record category they are associated with. In other cases it may need a
revision of the available advice and guidance to users on the correct appraisal,
allocation and final disposal of records.
A22.
An appraisal of records, prior to sending them offsite, can identify records that may
already be due for destruction or transfer. The organisation should seek to identify any
and all records due, or overdue for disposal prior to sending them offsite to avoid
excess costs in storing records no longer required by the organisation.
A23. Not all record categories will need to be destroyed; some may need to be kept because
of their historical value. Appraising records and allocating disposal schedules prior to
sending them offsite may identify records that are due for transfer to a relevant archival
body (such as The National Archives or an appointed Place of Deposit).
Appraising records for their historical value is a specialist task and should normally be
undertaken by a person with that specialist knowledge in conjunction with the archival
institution which normally receives such records for historical preservation once their
operational value has ceased.
In the case of bodies covered by the Public Records Act 1958, this will be The National
Archives or appointed Place of Deposit. Where current arrangements are not known to
exist, The National Archives can advise on appropriate institutions to which records
may be transferred.
A24. The business and legal environment in which an organisation operates may be subject
to change, possibly affecting the length of time records should be retained (either
decreased or increased). The organisation must have a means of being able to update
and reapply disposal schedules in as efficient and accurate way as possible. Electronic
systems to track and manage records offsite can provide the best response to such
changes.
If an organisation cannot update its disposal schedules there is a substantial risk that
managing records in the offsite store (and elsewhere) will become very difficult. This in
turn could lead to significant costs at a later date in trying to revaluate a large number
of physical records en masse.
03 February 2012
Page 21 of 67
Identifying and specifying requirements for offsite storage of physical records
4.2
Allocation and execution of disposal schedules
Ensuring end-users are aware of the correct allocation of disposal schedules will significantly
improve the ability of the organisation in managing its information. If the rules and guidelines are
not clear (or non-existent) the organisation will not be able to manage the disposal of records
wherever they are stored.
Where a contractor is expected to manage some, or all, of the disposals for records their staff will
also need the same training and guidance as that of the organisation’s users.
No:
2.1
Consideration:
Develop and maintain clear guidance on how to allocate and execute disposal
schedules
Rationale:
To ensure correct management of records, it is vital that all users understand the correct
process for identifying and allocating disposal schedules to records.
Users must have clear guidance and associated training for all aspects of using an offsite
store, in particular the allocation and management of disposal schedules for records.
This guidance should be regularly reviewed to ensure its continued effectiveness for an
organisation.
Questions:
Q25. Does the organisation have current guidance on disposal schedule allocation and
management available for all users?
Q26. Is there sufficient training available for users on the management of the offsite store
(and associated systems)?
Q27. Will there be resource to ensure that the guidance and training are maintained and up
to date?
03 February 2012
Page 22 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A25. The key to the correct use of disposal schedules is how well users understand the
purpose of allocation and execution. Guidance on the correct use and management of
disposal schedules should be clearly communicated to users and made available in as
accessible way as possible.
Failure to create and provide guidance and training may lead to the disposal schedules
being inappropriately used or not used at all.
A26.
Written guidance alone is not enough for an organisation to be sure that users
understand how and why disposal schedules should be used. Training must cover the
principles and rules for allocation of disposal. It should also explain the technical
systems used to apply and track the disposal for records in the offsite store.
A27.
Guidance and training is only valuable if it reflects the current working environment. The
organisation should ensure that all documented guidance and training is kept up to date
and relevant to the users.
As the organisation changes and use of the offsite store evolves, supporting guidance
and training should reflect any changes or new ways of working with the system.
4.3 Managing disposal
Allocating disposal schedules is only the beginning of the disposal process. Managing the
execution of disposal schedules is as important if the organisation is to prevent paying for
storage of records it no longer needs.
No: 2.2
Consideration:
Decide who is responsible for actively managing disposal of records
Rationale:
Prior to sending records offsite, the organisation must determine who is responsible for
disposal. This may be the organisation, a third party contractor, or a mixture depending on the
sensitivity of the record category.
The organisation may decide that it is more efficient and cost effective for the contractor to
carry out the disposal action on records. In the case of record destruction this may be the
contractor or an identified secure sub-contractor (either chosen by or agreed with the
organisation).
Irrespective of who executes the disposal schedule the whole process must be supported by a
full audit trail for the action to ensure that the destruction of any record can be identified at a
later date.
03 February 2012
Page 23 of 67
Identifying and specifying requirements for offsite storage of physical records
Questions:
Q28. Who will be responsible for monitoring when records are due for disposal?
Q29. Are there systems that provide a robust audit trail for the allocation, management and
final disposition for all record categories?
Q30. If destruction is carried out by the contractor (or agreed sub-contractor), can they
produce suitable evidence (including destruction certificates) that records are being
securely destroyed?
Q31. Will records be destroyed by an appropriately security cleared in a secure controlled
location?
Q32. Will records be destroyed in an appropriate manner that ensures no information can be
obtained from them after disposal?
Outcomes:
A28. The organisation may choose to monitor record disposal, delegate it to the contractor, or
use a mixture of the two, depending on the record category. Irrespective of this decision
there must be confidence that it’s clear who is responsible and for what.
Where records due for disposal have to be retained for other purposes (such as a legal
investigation) there must be a clear protocol for indicating the requirement for a disposal
hold. Specifically the IT systems must have the functionality to indicate records that are
not to be disposed of.
Failure to implement this type of rule and supporting system risks the destruction of
records required for legal purposes, leading to potential further legal action and costs.
A29. A system used to track the disposal of records should retain information on:
date a record was scheduled for disposal
change of disposal schedule
changes to the allocated disposal schedule
date and reason for the disposal schedule being paused
date of destruction or transfer
This gives the organisation confidence that even records destroyed in error can have
their final status identified.
Failing to audit a record disposal could mean the organisation would be unable to prove
whether the record has or has not been destroyed.
The cost and possible legal implications mean that an audit trail is essential for all
records in the offsite store.
03 February 2012
Page 24 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A30.
It may be more cost effective to pay for destruction of records at the offsite store (or by
an accredited sub-contractor) rather than the organisation recalling large numbers of
records and assigning its own resource to the task. Where this service is engaged the
organisation must demand destruction certificates are provided for every set of records
destroyed on their behalf.
External destruction of records may not always be appropriate depending on the
sensitivity of records, or even the proposed cost. The organisation must be convinced
that the destruction process is secure, accurate, and fully documented (including the
provision of certificates).
A31.
An organisation must ensure that wherever records are destroyed it is done in a secure
and controlled area with limited access.
The organisation must be satisfied that whoever is destroying the records is capable of
doing so in a suitably controlled and secure environment.
A32.
Destroyed records can still potentially provide information. The method of destruction
will depend on the physical format of the record, but the organisation should ensure
records are destroyed beyond all use.
The organisation is responsible for protecting records, even when destroyed, so that the
content cannot be used by unauthorised personnel. Failure to ensure records are
destroyed beyond any use could result in a significant data security problem such as
breaching the Data Protection Act 1998 or other legislation.
Specifying the service
Provision of a managed offsite store is not simply a remote storage location for semi-current
records. Most offsite stores offer a number of extra services that allow an organisation to manage
and interact with the records in a variety of ways. These range from providing a digitised copy of
a specific record held in a box of records (‘scan on demand’ rendering retrieval of the whole box
unnecessary) to adding an item to an existing box (where that is the normal contractual unit of
management).
The specification and understanding of what is likely to be needed from the whole offsite storage
service must be clearly defined prior to agreeing a contract. This can help avoid over (or under)
specifying the service requiring variations to the contract at significant cost to the organisation.
An organisation may determine that it is economically viable to enter into a shared service with
another organisation. This does not obviate the organisation from ensuring that the service
meets all its needs.
03 February 2012
Page 25 of 67
Identifying and specifying requirements for offsite storage of physical records
5
Security management
One of the key criteria for an offsite store is security of the records. All records held offsite should
be protected at all times.
Inadequately protected records could be subject to unauthorised access, theft or damage with a
significant impact on the organisation. For example uncontrolled access to personal data could
lead to legal action from individuals whose data has been put at risk.
Security Management
Start
Have requirements
for security within
the offsite store
been identified?
Develop and allocate
appropriate security
requirements for the
offsite store.
Develop and allocate
access controls for
all record categories.
Yes
Have all record
categories been assigned
access controls?
No
Allocate and
implement access
controls on systems
used for managing
records offsite.
No
Yes
No
Have requirements
for security within
the offsite store
been identified?
Yes
End
5.1
Specifying the required security
An organisation should specify to the contractor the required level of security for each record
category and the level of security required at the offsite store. For information on environmental
protection measures see section 9 Environmental conditions.
03 February 2012
Page 26 of 67
Identifying and specifying requirements for offsite storage of physical records
No: 3.0
Consideration:
Specify the desired physical security for the offsite store, ensuring adequate and
well-maintained system of security to protect the building(s) and its contents
Rationale:
The organisation must seek evidence that the offsite store and its compound are adequately
protected. A breach in security can have consequences which are not easily quantified but
could involve significant costs and potential legal action against the organisation.
Every organisation (and the records they hold) will have varying security needs. There are,
however, general precautions that apply to any offsite store. These include (but are not limited
to):
CCTV surveillance
alarms, linked to security provider and/or police
all staff subject to security clearance assessment (level of security to be determined by
the organisation - not the contractor)
all staff and visitors carry identification to indicate their right to be on site
security access controlled across the building preventing access to sensitive areas
(specifically when an offsite store holds more than one organisation’s records)
a secure perimeter, including robust fencing
site location (not a remote site or placed in an area of high crime)
surrender of any device capable of taking photos such as mobile phones or cameras
prior to entry
If the offsite store is not adequately protected the organisation may be subject to a data security
breach.
Questions:
Q33. Has the organisation formed a brief on the level of security required at the offsite store?
Q34. Does the site have functioning, monitored CCTV and alarm systems?
Q35. Is security vetting performed for all staff working on the site?
Q36. Is the site, and its function, obvious to the general public?
03 February 2012
Page 27 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A33.
A contractor must provide evidence it can meet all the security measures specified by
the organisation. The organisation should visit the proposed site to confirm it is suitable
prior to agreeing sending its records there.
A34.
Functioning and monitored CCTV provides excellent support in detecting and preventing
attempted theft or vandalism. The organisation needs to think about the locations of
CCTV both outside and inside the building(s) to ensure adequate coverage. Additionally
it will also need to consult with the contractor about frequency of recording to avoid
amassing large numbers of CCTV tapes.
Additionally the offsite store should be equipped with a functioning and monitored alarm
system (linked to either a security company and/or local police). As unauthorised access
may occur when there are no, or very small numbers of staff on site, it is vital that an
alarm can be raised at all times. If alarm systems are not available (or monitored and
maintained) there may be no means of indicating a breach in security within the offsite
store.
A35.
An organisation will need to ensure all personnel accessing the site have passed
appropriate security vetting. The level and nature of screening must be determined prior
to allowing records to be stored at the site; it may vary between the expected levels of
access and user role.
It is the organisation’s responsibility to ensure all staff working with the records held
offsite are appropriately vetted, and that the contractor can provide relevant certificates
for their staff on request.
Where an organisation does not vet these users (or not insist that the contractor provide
evidence it has vetted them), it must address the risk of unauthorised access to their
records.
A36.
Offsite storage providers would not normally advertise locations holding very sensitive
information. Depending on the organisation’s need there must be a decision on the
visiblity of the offsite store’s function in consultation with a contractor (for example,
whether the contractor has a business sign on the outside of the building or not).
If the offsite store’s function is obvious the organisation’s records could be at risk from
opportunistic criminal activity, possibly resulting in damage or theft of records.
03 February 2012
Page 28 of 67
Identifying and specifying requirements for offsite storage of physical records
No: 3.1
Consideration:
Determine and assign levels of access to all record categories held within the offsite
store
Rationale:
It may not be appropriate for the contractor (or other users within an organisation) to have
access to all categories of record (or individual records within a category). The electronic
systems used to manage records in the offsite store must be able to indicate the specific
access controls for record categories, and where appropriate individual records.
The organisation must place access controls on record categories to prevent unauthorised
access to records. If this is not in place the contractor will not be able to control access to
records when under their control.
Questions:
Q37. Does each record category have specified access controls?
Q38. Are there individual records that require more specific access controls than that of their
record category?
Q39. Who will manage the access controls of the records?
Outcomes:
A37. By detailing the access controls for record categories the organisation can indicate who
is allowed to retrieve particular records. The contractor can use this information to help
manage access to records. If record categories do not have clear access controls then
the contractor (and supporting systems) will not be able to prevent unauthorised access
and data security breaches.
A38. You might need to protect some records beyond the access control of the record
category. Avoid individually allocated access controls as far as possible; wherever this
does occur the same principles must be applied to ensure consistent use and
management of the records. As with A37, if access controls are not effectively managed
it is harder for the contractor to ensure only authorised access to records is granted to
records held offsite.
A39.
Access controls might not remain constant throughout the life of a record. As records get
older their sensitivity may change and the need for wider access provided (or restricted).
The organisation must ensure that it schedules reviews of allocated access controls for
record categories, ensuring they are usable and accurate. If the incorrect access control
is applied records might not be managed properly and this could lead to:
inappropriate access being granted
wrongful prevention of access to requested information under Freedom of Information
Act 2000
03 February 2012
Page 29 of 67
Identifying and specifying requirements for offsite storage of physical records
5.2
Active management of security to electronic systems
Once an organisation has been able to identify its security and access needs it must ensure all
aspects are managed actively at all times.
Failure to do this could result in a serious data security breach leading to loss or misuse of the
organisation’s information.
No: 3.2
Consideration:
Determine and assign levels of security access to any electronic system that
provides information on the content of the records
Rationale:
It may not be appropriate for the contractor, or other users within an organisation, to have
access to information about a record’s content. The organisation must implement controls
preventing access to data (via the systems used to manage records) to unauthorised
staff/contractors.
An organisation may need more formal levels of auditable security in the electronic systems.
The standard, BS ISO/IEC 27002:2005 Information technology: Security techniques: Code of
practice for information security management, provides an independently auditable level of
security.
Central government departments will also have to consider CESG requirements as well as the
Cabinet Office’s Manual of protective security which prescribes methods of storage for records
marked with Government Security Classifications (‘Confidential’ or ‘Secret’).
If this is not done then unauthorised personnel may be able to determine sensitive information
about records held in the offsite store.
Questions:
Q40. Can the record tracking system define and maintain user permissions to control access
to records, their content or informative metadata?
Q41. Who will manage the security of the electronic systems?
03 February 2012
Page 30 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A40.
Any system providing access to an organisation’s information should have a means of
controlling that access. The organisation should insist that any record tracking system
provides any set of access controls as appropriate to record categories, individual
records (where required) and the systems that provide metadata for them (the tracking
systems). This may be done by integrating with other systems or using an individual
function of the tracking systems. However you achieve this, it must be accurate and it
must reflect the current security controls within the organisation itself.
A41.
The organisation must identify and agree who is responsible for managing the access
controls in a record tracking system. This includes the means of identifying and
reporting attempted breaches and a full audit trail of the attempt.
Proactive management of security allows the organisation to be aware of persistent
attempts to access (controlled) information. It will also ensure the systems are always
protected and they reflect the current security need. Failure to manage access controls
risks unauthorised access to information and content, with potential for theft and/or
misuse.
6
Access and retrieval of records
The success of investing in an offsite store relies on how well the organisation can effectively
interact with that store once the operation is in place. In particular, you must think about the
many factors that can impact the efficiency of access and retrieval with an offsite store.
If the organisation does not properly determine the expected level of service from an offsite store,
a contractor cannot provide the desired level of service to all areas of the organisation. The key
issues include (but are not limited to):
unit of management for access and retrieval (box of records, or individual records)
number of users requiring access to the stored materials
expected delivery timescales, and frequency for every record category
anticipated volume of retrieval requests
In order to ensure secure and effective business operations, there must be a thorough
investigation of anticipated access and retrieval, understood by all areas of the organisation. This
approach will highlight potential problems at an early stage and will help ensure access to
material in the appropriate manner within the required timescale.
03 February 2012
Page 31 of 67
Identifying and specifying requirements for offsite storage of physical records
Access and Retreival
Re-evaluate the
required service for
an offsite store and
other potential
locations.
Start
Have retrieval times
for each record category
been identified?
Identify the predicted
retrieval and access
service needed for
each record
category.
Yes
No
Develop and
implement clear
guidance on retrieval
and access of
records held offsite.
Is the offsite store in a
suitable location?
No
Yes
No
Has guidance on the
system for retreival been
developed?
Yes
End
6.1
Identifying patterns of use
When deciding which records to store offsite it’s vital to understand how often categories of
records are likely to be requested. By identifying the business patterns, an organisation may also
be able to decide whether or not there may be some record categories that should remain on site
rather than go to an offsite store.
No:
4.0
Consideration:
Define and allocate retrieval times for each record category, or groups of record
categories
03 February 2012
Page 32 of 67
Identifying and specifying requirements for offsite storage of physical records
Rationale:
In order to provide an efficient means of accessing and retrieving records the organisation
should provide a schedule for retrieval times to the contractor in consultation with the potential
users of the service.
The organisation will also have to consider how users request records from the offsite store
and the specified unit of management (individual records or box of records).
Will users interact directly with the service or via an ‘in-house’ ordering process? Both options
have benefits, direct access giving quicker retrieval requests, managed access by an access
team providing greater control of the use and management of the offsite store.
If there is no input on retrieval times or the unit of management is inappropriate there is a risk
that the retrieval service will not meet business need causing user dissatisfaction and leading
to inappropriate use of the system.
Whatever the determined retrieval services they must not impede or prevent an organisation
complying with statutory timescales for responses to requests under the Freedom of
Information Act 2000 or Data Protection Act 1998.
Note that access to records may not be restricted to the organisation’s staff and there must be
protocols in place to allow authorised external users (the audit bodies) to request and access
records held offsite.
Questions:
Q42. Do users require specific retrieval services for certain categories of record?
Q43. Are their record categories that can be grouped in terms of need for retrieval and
access?
Q44. Have record categories that require priority retrieval been identified?
Q45. Are there categories of record that could be produced by reproduction of a surrogate?
Outcomes:
A42. The organisation should include user consultation when defining retrieval services for
record categories (in other words, the preferred unit of management and retrieval time).
It should not rely solely on this information; the organisation may find users engage with
the offsite store more productively where their requirements are accounted for.
You must make an objective assessment before specifying retrieval times to ensure
best value for money and to avoid too many bespoke retrieval services.
03 February 2012
Page 33 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A43. It would be impractical for an organisation to allocate individual retrieval times for each
record category. The organisation should identify those record categories that call for a
similar retrieval service and allocate that service over as broad a range of records as is
practical. This provides a contractor with a manageable number of delivery schedules.
In some cases it may be possible to determine access and usage from previous trends
either with another offsite store or an internal record storage service. If available this
data could provide a very efficient means of establishing retrieval service need. If the
record categories are not assigned specific retrieval times the contractor might process
requests under standard retrieval times, which do not meet user need.
A44. Some record categories may demand fast (or emergency) retrieval times. Where
identified, the organisation must provide a retrieval time to the contractor detailing
which record categories are eligible for a faster service (and who can use it).
Where used, the organisation may need to consider setting up an internal charging
regime. This will control costs by discouraging users from using the service for routine
file requests. The organisation has to be able to monitor the pattern and pace of
retrieval to review and identify changes in business need. Section 10 Auditing and
reporting discusses monitoring usage patterns in more detail.
A45.
Another means of providing records to users quickly is through the production of
surrogates. This may be through scanning the record or if appropriate faxing a copy.
This is of particular value where the record is fragile or in high demand. Production of
surrogates must be carefully controlled by business rules. When it is no longer required
the surrogate must be destroyed (and not returned to the offsite store as a new record).
If not carefully controlled there is a significant risk that the record will be held in
duplicate offsite for no reason and at extra cost to the organisation.
No:
4.1
Consideration:
Identify and estimate current or anticipated level of demand for access for each
category of record
03 February 2012
Page 34 of 67
Identifying and specifying requirements for offsite storage of physical records
Rationale:
It is possible that every category of record might have a different level of use. For example, a
record used in a particular court case may only ever be called upon once during the trial
period, then just stored for the legally required period. Conversely records used in a lengthy
building project may be recalled and used more frequently, even after the project has been
completed.
The organisation must establish the likely level of use for all record categories to determine
anticipated level of retrievals. With this approach the organisation can assess the current
operating model. It provides an opportunity to identify potential changes that could lead to
improvements and operational efficiency savings.
Once the offsite store has been set up patterns of use should be assessed regularly to ensure
that the terms of retrieval are accurate, and if not, the means for addressing this with the users
and/or contractor. This places an additional requirement on the organisation to ensure that the
contract with the offsite store has some flexibility with respect to increasing or decreasing
planned levels of retrieval.
Questions:
Q46. Has a pattern of use been identified for all record categories?
Q47. Will the contractor be able to manage periods of high usage during pre-identified busy
periods or seasons to maintain the required retrieval times?
Q48. Are there likely to be regular uplifts (small or large) to the offsite store postimplementation?
Outcomes:
A46.
Understanding the common use of a record category helps form priorities for retrieval
time. If applied correctly this approach can establish a common set of retrieval times for
all business units.
If the patterns of use are not properly assessed or the data is not available, the
organisation must ensure it discusses the potential access need with users in detail,
prior to assigning a retrieval time to category of record.
The organisation should also develop a plan of quarterly or annual assessments on the
pattern of use for each category of record. This will ensure that the agreed service level
still meets the business need and is not leading to excess costs for unwanted retrieval
services or impeding business units by unnecessarily restricting access to records.
03 February 2012
Page 35 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A47. The organisation must ensure that any potential contractor can cope with periodic large
transfer in or out of the offsite store. For example, during the processing of year end
financial papers.
The organisation must be able to satisfy itself that the contractor can cope with known
increased usage levels and can provide assurances of their ability to respond to
anticipated fluctuations in demand.
If the contractor is unable to support an identified pattern of use it is likely that any
significant influx could overwhelm unprepared staff and increase the risk that records
will not be properly tracked
A48.
In addition to predicted increased use of the offsite store, the organisation may be
aware of other future activity that could present a management issue for the offsite
store: for example if a business unit is to be closed and all its records need to be held
prior to disposal.
It is extremely useful for the contractor to have this type of information in advance, even
without an exact date of for the uplift, to cost (and allow for) the expected increased
volume.
If this information is not provided to a contractor it could result in a period of delay in
function at the offsite store, as well as a significant excess charge from the contractor
for uplift.
The same principles should be applied if the organisation in conjunction with the
contractor has to relocate to another site (either to a larger facility or smaller depending
on need). If the records are to be relocated en masse the systems used to rack the
move must be robust enough to cope.
6.2
Establishing the offsite store’s location
The geographic location of an offsite store can affect the ability to retrieve physical records in a
timely manner, as required by the business needs of an organisation.
If an offsite store is unable to provide the required level of service, it will impact negatively on
business operations including failure to provide information in mandated timeframes under
legislation such as The Freedom of Information Act 2000.
03 February 2012
Page 36 of 67
Identifying and specifying requirements for offsite storage of physical records
No:
4.2
Consideration:
Compare required retrieval service levels against the geographic location of a
proposed offsite store
Rationale:
When generating the specification for an offsite store the organisation must identify the
necessary retrieval timeframe(s) for each record category to be stored. It is also important that
the contractor is fully aware of the anticipated business needs prior to agreeing any contract.
Weigh up the benefits and risks of storing records in locations close to, and further from, the
organisation’s own site(s).
Ultimately an offsite store has to be located so that it will successfully fulfil the required
retrieval times, including any fast retrieval times agreed.
The manner in which retrieval is conducted may vary depending upon each individual contract.
(It should meet the agreed terms of the contract.)
Questions:
Q49. Can the proposed location support the required retrieval times (two hours, half-day,
next day and so on)?
Q50. Will a secondary location be required for frequently requested record categories?
Q51. Are there alternative routes to and from the offsite store that avoid significant delays in
traffic at peak times?
Outcomes:
A49. In order to operate effectively, an organisation must be able to retrieve records from an
offsite store in a timely manner dependant on business need.
For example, some record categories may require very short/emergency retrieval times
due to the urgent nature of the associated business processes; others may simply need
a next day service.
Where subject to specific jurisdictions, the organisation should avoid storing records
outside that area. For example:
records subject to the Public Record Act should not be stored outside the UK
records containing personal data should not be stored outside the European Union
03 February 2012
Page 37 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A50. Where there is the option to store material in more than one location, an organisation
may find it preferable to keep regularly accessed, high-demand records closer to their
office(s), while material that is accessed less frequently may be stored further away in
bulk (or palletised) storage. A well-managed storage network can provide a balanced
cost approach, especially where a secondary store is rarely accessed.
The use of multiple storage locations must be properly assessed, as there may be
additional risks. Clear procedures and specifications must be in place to ensure records
are always stored in the correct location (and prevent records being mixed up or even
lost).
A51. It is important that the means of retrieving records is not hindered by external issues.
The storage contractor should be able to demonstrate how it might tackle known
issues, such as rush-hour traffic or long-term road works that may significantly affect
retrieval times. The organisation should identify any specific company or geographic
issues it can address, such as delivering records to a remote or hard to access
locations.
If records cannot be retrieved or accessed in a contracted timeframe with the
organisation’s users there is a significant risk that the offsite store will not be used.
6.3
Guidance on access and retrieval
Ensuring end-users are aware of best practice will ‘make or break’ the use of an offsite store.
No: 4.3
Consideration:
Develop and maintain clear guidance on how to request records from the offsite
store
Rationale:
Users need clear guidance and training on all aspects of the offsite store so that the records
can be properly accessed and maintained. All users must understand the process for
requesting records from the offsite store to ensure the operation remains effective.
Guidance should be clear and without jargon so all users can understand it. Review the
guidance regularly to ensure its continued effectiveness.
Bodies subject to legislation such as the Freedom of Information Act 2000 should include
specific guidance on recalling information held offsite.
03 February 2012
Page 38 of 67
Identifying and specifying requirements for offsite storage of physical records
Questions:
Q52. Will the organisation produce guidance on use of the offsite store?
Q53. Will sufficient training be available for staff regarding use of the offsite store (and
supporting systems)?
Q54. Is there resource to ensure that the guidance and training are maintained and up to
date?
Outcomes:
A52. The success of an offsite store depends on how well users understand its purpose. You
can communicate this clearly through guidance and training designed to support users
as they learn how the process should work. If guidance is not prepared users will be
unlikely to engage in the correct use of the offsite store. Correcting user errors can
incur excess costs. In addition users may simply not use the offsite store causing
significant record management issues and expense.
A53. As well as written advice, users need training in how to request and send away records.
The training should provide detailed explanations of systems used to track the records
in and out of the offsite store (and any other location they may go to).
If users are not suitably trained in the use of the supporting systems there might be
expensive failures in the system. It could also result in records becoming lost or
misdirected through a lack of knowledge of the tracking systems used.
A54. As the business changes and evolves the use of the offsite store supporting guidance
and training should be updated to reflect new ways of working.
Guidance and training is only valuable if it reflects the current working environment. The
organisation should ensure that all guidance and training is kept up to date and relevant
to the users.
7
Transport of records
There is a wide range of electronic systems available to provide a secure record tracking. This
guide does not prescribe a type of system nor who should maintain it. The key aspect for a
tracking system is that it is robust, secure, accurate and maintained throughout (and beyond) the
life of a contract with an offsite store. Whatever product is chosen it should as a minimum provide
information on and help manage:
current location of the record
disposal schedule
owner
access controls
03 February 2012
Page 39 of 67
Identifying and specifying requirements for offsite storage of physical records
Records are vulnerable to damage and loss when being transported. An organisation must be
certain that whenever records are moved they are kept secure from loss or damage. The
potential cost to an organisation for lost or irreparably damaged records is not always calculable
purely as a monetary cost.
Transport of Records
Specify the
contractor’s
responsibilities for
the tracking system.
Start
Has a rigorous
means of
tracking records been
specified?
Specify the preferred
means of tracking
records.
Yes
No
Specify suitable
containers for all
records irrespective
of format.
Has the contractors
responsibility
for tracking systems
been specified?
No
Yes
No
Have appropriate
containers been identified
for all records?
Yes
End
7.1
Tracking the records
Whenever a record moves it must be tracked. If knowledge of a record’s location is not available
the organisation may be subject to a significant loss of data and/or security breaches.
Whilst this section deals with the tracking of records to and from the offsite store, the
organisation must ensure that it is able to track the movement of retrieved records within its own
business areas. You can use the same systems as the offsite store, but if not, ensure the internal
system can interface with that of the offsite store so that records can always be found.
03 February 2012
Page 40 of 67
Identifying and specifying requirements for offsite storage of physical records
No:
5.0
Consideration:
Specify a rigorous means of tracking and managing records wherever they are
transported to
Rationale:
The successful management of an offsite store depends on the ability to locate all records.
The most robust means of tracking records is through the use of barcodes generated by the
tracking system. These can be scanned by hand held devices, or scanners attached to
designated PCs and they provide a simple means of registering file movements even by
users with limited technical experience.
The organisation must be effective in tracking all movement of records to and from the
offsite store, and elsewhere within its own sites. Whenever records are transported the
tracking systems must monitor movement securely throughout the complete transportation.
Questions:
Q55. Has the organisation articulated its requirements for a tracking system?
Q56. Can the tracking system maintain key record management information?
Q57. Is the tracking system auditable?
Q58. Is the tracking system robust?
Q59. Is the tracking system secure?
Q60. Do records (or boxes containing records) have significant information with them to
identify them if lost?
Outcomes:
A55. The organisation must be clear about its needs prior to assessing the supplier’s
proposed system, or before purchasing a tracking system of its own.
If an organisation is unclear as to its specific needs it may purchase an unsuitable
system resulting in potential mismanagement of records and a failing in the service.
A56. Any tracking system will need to be able to manage a significant level of transfers to
and from the offsite store.
The organisation should seek evidence that a system has the capability to manage
the expected volume of management data.
03 February 2012
Page 41 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A57. Systems used for tracking records should not be considered solely as transaction
recording devices. As well as knowing when/where a record has moved other
information should also be retained along with the record’s current location. This
includes, but is not limited to:
title
category of record
creator
responsible business unit
date of creation
access permissions
security classification (where applicable)
allocated disposal schedule (due date)
An organisation should undertake to identify all the information it requires (for
example, workflow information) from a tracking system prior to purchasing a system.
A58. In order to provide clear evidence on the movement of records a system should retain
a full record of:
previous, current and intended location
changes to metadata (such as disposal schedules, access controls)
names of users requesting the file
date requested, received, or moved
This information is not a substitute for an established ‘hand over’ policy in terms of
establishing who is responsible for records when. However it can help the
organisation establish the intended movements of records if they become lost.
A59.
An organisation might need to control access to records from users and contractor
staff. In this instance the organisation must insist the system is able to provide
adequate access controls.
If security is compromised the system should be able to provide a supporting audit
trail to identify where unauthorised personnel accessed (requested) a record.
03 February 2012
Page 42 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A60. In addition to the barcode that identifies a record, or box containing records, it is
sensible that other key information regarding the record(s) is attached to them. This
should include, but is not limited to:
title
creator
responsible business unit
date of creation
security classification (where applicable)
disposal schedule
No:
5.1
Consideration:
Specify how the contractor must take part in the active management of any system
for tracking and managing all records in their custody (irrespective of who owns the
systems used)
Rationale:
The movement and transport of records is the primary function of the contractor.
It is important to maintain the correct processes in terms of use and managing the record
tracking systems. The organisation should ensure the contractor would honour this
obligation as part of the signed contract documentation.
Failure by a contractor to ensure systems are well maintained could lead to a failure in
delivery of service. For example, users are engaged in search and discovery projects where
an inability to locate information via tracking system could have a significant impact on the
ability to retrieve relevant information.
Questions:
Q61. Who will own overall responsibility for the record tracking system?
Q62. Who will maintain the record tracking system?
Q63. Does the contract agreement detail the responsibilities of the contractor for managing
record tracking systems?
03 February 2012
Page 43 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A61. Before buying or supplying any products (whether stand alone or integrated with
existing IT infrastructures) an organisation must identify who will have overall control
and responsibility of a record tracking system.
It is not necessary for the organisation to have possession of the system but they
must ensure they retain full controlling ownership over the product’s development.
Principally this is so that the organisation can assure the system remains viable and
the data contained within it can be exported in a usable format at all times.
A62. As with ownership, responsibility for maintaining record tracking systems is vital to the
success of an offsite store. Ideally those monitoring a file tracking system should be
people with significant experience in using and managing such systems.
A63. It is possible that a selected contractor will provide a suitable record tracking system.
In such cases the organisation must ensure that the product will be supported
throughout the contract (and not be subject to unnecessary upgrading every two
years or so).
Where the contractor is the owner of a system there must be an agreement on their
part that it be fully maintained by them (or a potential authorised third party). In
addition they must demonstrate that it is capable of managing a bulk export of
information at the end of the contract, see section 11 Exit strategy.
An organisation may choose another system for tracking records. In which case they
will need to ensure it provides the contractor with adequate training in the correct use
of the system.
7.2 Custody and care of records in transit
An organisation must set boundaries with a contractor regarding levels of responsibility for the
records whilst they are in transit. Care of records, does not confer ownership of the content of the
records; this remains with the organisation at all times.
03 February 2012
Page 44 of 67
Identifying and specifying requirements for offsite storage of physical records
No:
5.2
Consideration:
Establish who is responsible for records and their movement throughout the
transfer to offsite (and any potential returns)
Rationale:
An offsite store may see significant movements of records on a frequent basis. As well as
robust logistic systems, it is imperative that an organisation establishes custodial liability for
records.
Loss or damage is possible with any transport of records. Both the organisation and
contractor must have clearly stated responsibilities for records whilst in their custody with
agreed policies for incident reporting.
Responsibility and custody in this context does not mean that when held offsite the
organisation is not responsible for its information. The organisation will always have a
responsibility to ensure that records are cared for and managed on their behalf in the
correct manner at all times.
Questions:
Q64. Has the organisation articulated the extent of a contractor’s liability for records when
in their (the contractor’s) custody?
Q65. Has the organisation defined a process for identifying ‘transfer of custody’ for records
between the contractor and themselves?
Q66. Will the contractor have a process for reporting lost or damaged records whilst in
their custody?
Q67. Can the contractor provide a suitable compensation process for records lost or
damaged by them?
Outcomes:
A64. Never assume that a contractor understands when they are responsible for an
organisation’s records.
Establish a contractor’s responsibility for records as this will enable the organisation
to develop a productive relationship in the use of the offsite store.
Failure to establish responsibility prior to agreeing a contract may result in no claim
against a contractor when records are in their custody.
03 February 2012
Page 45 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A65. There are many ways an organisation may choose to log records as ‘received’
depending on the scale of use, budget, and size of the organisation. For example,
the organisation may receive records in a central location (such as the post room)
and distribute the records internally. As custody of records takes place at that point
they can ensure a more direct control of when exactly records were sent/received.
An organisation may require multiple delivery locations, in which case it must ensure
that the systems and procedures are robust enough to ensure consistent and
accurate tracking of records.
A66. Damage or loss of records must be reported so that action can be taken to resolve
the issue. Even if it is the contractor who has to repair records in their custody, the
incident must still be recorded. In particular the detail of the damage or loss, how,
and when it occurred. This may help an organisation to identify any patterns of poor
record handling either internally or by the contractor. A robust tracking system should
indicate where the record was last used/held. Manage it actively to highlight incidents
of loss.
The organisation will always retain full responsibility for its information and any loss
will be considered as their responsibility for failing to ensure the contractor was
capable of performing the contracted service.
A67. Compensation is a problematic area. Under contract law there is no expectation that
punitive fines will be permitted. Traditionally the law will only permit liquidated
damages and these are likely to be limited. Any claim for compensation will itself
have to be founded on an analysis of what would be the financial cost to the
organisation if a record or group of records are lost or damaged. If that can be
quantified it may be possible to seek evidence that the contractor possesses
appropriate liability insurance which could be the source of recovered costs.
Additionally the loss of information however significant is likely to cause issues that
cannot be repaired by money alone. Lost information can severely impact operational
effectiveness and potentially damage the organisation’s reputation.
We recommend that the organisation consults its procurement specialists and legal
advisers before enshrining any requirement for compensation within its specification.
03 February 2012
Page 46 of 67
Identifying and specifying requirements for offsite storage of physical records
No:
5.3
Consideration:
Identify suitable containers for all record categories to protect them from damage
during all parts of transit
Rationale:
Moving records in unsuitable containers, such as postal sacks, is almost certain to cause
damage (to records) and the organisation must ensure that the containers for transporting
records are adequate for the task.
This guide does not stipulate the exact type of container suitable for every record but it
must, as a minimum, provide room for the records as well as protection from damage in
transit.
Especially fragile or delicate records, for example glass plate negatives or laboratory
specimen slides, may be too susceptible to damage to be moved on a frequent basis. The
organisation needs to identify these records and consider how best they should be made
available to users. In some circumstances it may be preferable to provide a digital surrogate
of a fragile record rather than provide the original.
Questions:
Q68. Has the organisation identified suitable containers for all records categories?
Q69. Will the organisation delegate responsibility for sourcing of containers to the
contractor?
Q70. Are there record categories that require special procedures or equipment for moving
and handling?
Outcomes:
A68. An organisation may only have paper records in A4 format stored in standard archive
boxes transporting these correctly will be relatively straightforward.
Other records may vary significantly in size, shape, and weight and you must
consider how to transport these rather than applying a single solution. Improperly
protected records may become irreparably damaged which could be costly to the
organisation.
A69. The contractor is likely to have significant experience in the transporting of records
and may be able to provide/source suitable containers for transporting physical
records.
Note however that the organisation should always retain the right to insist on the
means of transporting all its records.
03 February 2012
Page 47 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A70.
If an organisation has categories of record that are fragile or out-sized it must pay
close attention to how they are handled and transported. Provide adequate training
on how to handle and transport such records including instruction on the correct use
of specialised transport equipment (for example, scissor trolleys, bespoke carry
cases).
Any particular requirements must be detailed to the contractor to avoid vulnerable
records becoming damaged and deteriorate beyond repair.
See section 6.1 Identifying patterns of use for detail on creation of surrogate records.
8
Modes of storage
Not all physical records can be stored in the same way and you must assess this during the
process of specifying the offsite store. Pay careful attention to the dimensions and weight of the
records with regard to the type of shelving required. For example large plans or maps should be
stored flat while other paper records can be stored in a file on their side or in a box.
Very specialised or fragile records, such as scientific specimens, will need very specific storage
and they must be assessed prior to sending offsite, particularly if they require particular
environmental conditions.
Before a contract is agreed, the organisation must be certain that the contractor can provide the
correct mode(s) of storage.
Failure to correctly store records could result in significant damage to records leading to them
being unusable by the organisation.
03 February 2012
Page 48 of 67
Identifying and specifying requirements for offsite storage of physical records
Modes of Storage
Asses all record
categories to identify
the most cost effective
method of storage.
(i.e. on palletised)
Start
Have all suitable
storage modes been
identified for all
records?
Asses each record
category’s format and
identify the preffered
mode of storage
(i.e. in boxes, open
shelves etc)
Yes
No
Identify and specify any
specific storage
conditions for a record
category that is unique
within the record
collection.
(i.e. specific shelf size
or environment)
Has the most
cost effective method of
storage been
identified ?
No
Yes
Yes
Do any record
categories have specific
storage needs?
No
End
8.1
Assessing modes of storage
It’s critical to understand how each record category will need to be stored if records are to be
adequately protected whilst in an offsite store.
No:
6.0
Consideration:
Assess each record category to establish the most practical means of storage for
them
Rationale:
Storing records offsite can become very expensive when the correct mode of storage is
not considered.
The needs of categories of records may vary greatly so it is important that they are all
stored in a suitable manner. For example where shelves may be suitable for boxes of
paper records they may not be suitable for heavy physical objects such as geological
samples.
03 February 2012
Page 49 of 67
Identifying and specifying requirements for offsite storage of physical records
Questions:
Q71. Do all record categories require the same mode of storage?
Q72. Can the proposed offsite store provide the required mode of storage for all record
categories?
Q73. Where used, are boxes (or containers) for records a suitable size and strong
enough to protect the contents from damage during transport and storage?
Outcomes:
A71.
An organisation may have physical records in one format or very similar formats
(for example A4 paper records). In such cases it will be relatively easy to specify a
common mode of storage usually sturdy boxes that ensures the records are stored
safely and efficiently.
Where a wider variety of record formats exist the specific storage needs (including
specialised storage furniture) must be identified and articulated to the contractor to
reduce the risk of records becoming damaged or destroyed.
A72. If an organisation is not absolutely confident that the contractor can provide the
correct mode of storage it must find alternative solutions for records that cannot be
housed in the offsite store – possibly a specialised storage contractor.
A73. Storing records in boxes does not guarantee their safety:
If the box is too large, movement inside when being transported could cause
damage to contents
If the box is too small records can be bent, folded or otherwise fitted in an
inappropriate manner leading too damage
The organisation must ensure the correct size box/container is used to store
records to reduce the risk of damage. It must assess how many boxes can be
safely stacked on top of each other.
No:
6.1
Consideration:
Assess each record category to establish the most cost effective method of
storage
03 February 2012
Page 50 of 67
Identifying and specifying requirements for offsite storage of physical records
Rationale:
The needs of each record category may vary greatly. It is important that they are all
stored in a suitable manner. For example where surrogate copies of records are available
to the users (such as microfilm or scanned images) it may be more cost effective to
destroy the originals.
If they are still needed, it may be more cost effective to choose a mode of storage such
as bulk (palletised) storage.
Questions:
Q74. Can the organisation quantify the volume of records likely to be frequently
recalled?
Q75. Are there categories of record that could be stored in bulk (palletised) and left until
due for review or destruction?
Q76. Are surrogate copies of records available in a more accessible format (for
example, microfilm or scanned images)?
Outcomes:
A74. The frequency of use for record categories should be used to define their access
and retrieval requirements. This information will help inform the most suitable type
of storage for a record category.
Frequently requested records should be more accessible so that they can be
removed and replaced with minimal opportunity for damage.
If the mode of storage is not accessible there is a risk that although well protected
whilst stored, the records are damaged when moved.
A75.
Where a record category will not need to be accessed for a long period, it may be
stored in bulk on pallets.
Retrieval charges from pallets are likely to be higher than standard rates. This
method may be attractive for records that are almost certainly not required until
due for review or disposal owing to the reduced handling costs by not having to
shelve material and index the records and/or boxes individually.
03 February 2012
Page 51 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A76. Some records may have a surrogate digital copy (adequately protected and
preserved), potentially saving the organisation significant costs in retrieving
records for minor administrative or reference purposes. This solution may also be
used for large or vulnerable records in order to reduce the risk of damage.
Where the creation of surrogates occurs, the organisation should consider using
standards such as BIP 0008-1: 2004 Code of practice for legal admissibility and
evidential weight of information stored electronically to ensure a consistent quality
in surrogate production.
This does not mean that an organisation should embark on a wholesale scanning
of records prior to sending them offsite. Scanning projects are a significant
undertaking and should be subject to a cost benefit analysis first, including the cost
of preserving digital surrogates of records.
8.2
Vulnerable records
Whist an offsite store should provide acceptable storage conditions for most types of physical
record; an organisation may have records which are more vulnerable to damage. The
organisation should assess if they have particularly vulnerable records and how best they should
be stored.
No: 6.2
Consideration:
Assess each record category to establish any specific environmental conditions
required for storing them
Rationale:
All records must be stored in an environment that protects them from damp, mould or
pests damage. Some record categories, however, may demand more specific
environmental conditions to protect them from deteriorating. The organisation should
identify all vulnerable records prior as storing this type of records in a commercial offsite
store can become very expensive where exact environmental conditions are required.
If the records are so vulnerable as to be considered not suitable to be stored in a
commercial offsite store the organisation must seek specialist advice on the records from
specialist conservators.
03 February 2012
Page 52 of 67
Identifying and specifying requirements for offsite storage of physical records
Questions:
Q77. Has the organisation identified any record categories with a specific storage
requirement (for example an archival standard storage)?
Q78. Can the organisation quantify the volume of records likely to require specialised
storage?
Q79. Can the contractor provide evidence it can maintain the required environment for
vulnerable records?
Outcomes:
A77. The profile of each category of record must include any specific storage
requirements. Section 3.1 Identifying record categories discusses how to identify
and articulate this need to a potential contractor. If the organisation does not
articulate specific storage requirements to the contractor it could result in records
being stored in an unsuitable environment (and their deterioration or destruction).
9
A78.
After establishing specific storage requirements the organisation will need to
quantify the volume of records affected. If the contractor cannot provide the
conditions or space needed for vulnerable records, the organisation must reassess
where the records can be stored. If the correct environment is not provided
vulnerable records will degrade and may become unusable.
A79.
If a contractor is unable demonstrate it can provide the required storage
conditions (such as shelving or environment), the organisation may have to seek a
specialised storage provider for the vulnerable records.
Environmental conditions
Records of all formats are vulnerable to damage from either flood, fire, vermin or mould.
Ensuring that the environment in and around the offsite store is adequately monitored and
protected must form a part of the specification for an offsite store.
In addition the organisation must satisfy itself that the location and site for the offsite store is
acceptable in terms of potential risk from environmental damage, or insist on an alternative
location for their record storage. You can manage this process by allowing the contractor access
to the relevant sections of the organisation’s risk register which relate to record management and
control. Additionally before agreeing any contract the organisation must have sight of and assess
the contractor’s own disaster recovery and business continuity plans for the offsite store.
03 February 2012
Page 53 of 67
Identifying and specifying requirements for offsite storage of physical records
Environmental Conditions
Re-assess the site’s
suitability, specifying
required changes or
selection of a
different site.
Start
Has the proposed
site for the offsite store
been visited?
Visit the site’s
location and environs
to its assess the risk
from environmental
damage.
Yes
No
Specify the required
facilities for protecting
the records (i.e. fire
suppression
systems).
Is the site
suitably protected from
environmental
damage?
No
Yes
No
Are there facilities
to prevent damage to
the records from fire
or flood?
Yes
Specify the expected
training for contractor
staff in managing
recovery from
environmental incidents.
No
Are contractor staff
trained in dealing with
environmental
incidents?
Yes
End
9.1
Surveying the external environment of the store
When the organisation is assessing suitable contractors for an offsite store it must visit any
proposed locations to see the area around the site is not unduly at risk from environmental
damage.
No:
7.0
Consideration:
Conduct a full survey of the proposed location for the offsite store to ensure it is
suitably protected from environmental damage
03 February 2012
Page 54 of 67
Identifying and specifying requirements for offsite storage of physical records
Rationale:
As the long-term location for an organisation’s records it is important that the offsite store
is adequately protected from all potential environmental hazards.
Any assessment of an offsite store should involve actually visiting the proposed site. If
the organisation does not visit the proposed location it cannot conduct a sufficient risk
assessment for the implementation of an offsite store.
Questions:
Q80. Is the offsite store located in a location vulnerable to environmental damage?
Q81. Who manages the environment around the site?
Outcomes:
A80. When reviewing a site’s location it is important to view it within its local
surroundings. Whilst the immediate site may be secure and well protected there
may be other problems within the local vicinity such as:
the site is in a low lying area or flood plain
the site is close to rivers or other bodies of water liable to flood
this site is near overhead power lines or sub-stations
this site is close to industrial sites (power stations, for example)
Note that you might have to consider other risks such as proximity to airports or
flight paths.
This guide cannot list every possible environmental concern an organisation may
have and you should ensure that you have addressed all concerns before
agreeing a location.
A81. As well as assessing the location the organisation will need to satisfy itself that the
immediate environs of the site are also managed against environmental damage.
It would be normal to expect the contractor to manage this aspect of the offsite
store, but it may be a third party.
Having suitable systems to protect the site is only useful if they are monitored and
managed. If this is not done on a regular basis the offsite store could become
exposed to any potential environmental hazard.
03 February 2012
Page 55 of 67
Identifying and specifying requirements for offsite storage of physical records
9.2
Surveying the environment of the interior of the store
When the organisation is assessing suitable contractors for an offsite store it must visit any
proposed locations to see the conditions for storing their records is like.
No: 7.1
Consideration:
Conduct a full survey of the proposed location for the offsite store to ensure it is
suitably protected from environmental damage
Rationale:
Current or semi-current records held in an offsite store do not normally require archival
standard storage. Physical records will survive far better in a controlled environment.
In broad terms the environment for current records should not allow large changes in
temperature or excess humidity (as increased high temperatures and humidity are more
likely to cause mould).
It is important however, that the specification is not so prescriptive as to become cost
prohibitive.
See section 8.2 Vulnerable Records for assessing records that are vulnerable to damage.
Questions:
Q82. Can the contractor demonstrate adequate protection measures for the proposed site?
Q83. Have contractor staff received training in how to deal with disaster recovery from
environmental damage such as a flood or fire?
03 February 2012
Page 56 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A82.
An organisation must be certain that the contractor is able to protect the records
against environmental or pest damage. Depending on a site’s location there may be
very specific concerns, but in general an offsite store must have in place:
fire suppression systems
flood protection
vermin control systems
temperature and humidity controls
If a site is not adequately protected there is a risk that the records could be damaged
and destroyed potentially causing significant reputational and financial cost to the
business.
A83.
In addition to having specific personnel to manage and monitor the site, all staff and
users of the offsite store should be trained in how to deal with an environmental
emergency.
The organisation should not expect contractor staff to tackle a significant issue such
as a large fire or flood. However training should have covered the basics of delivering
early measures that could potentially reduce the amount of records damaged or lost,
such as the use of fire extinguishers in the event of a localised fire.
10
Auditing and reporting
Procuring and implementing an offsite store should not be considered as a single project with a
final deliverable. As an organisation develops, its use and the requirements for an offsite store
are likely to change. Regularly analysing patterns of offsite store use will enable the organisation
to identify areas of good and bad practice and potential need for change to meet new business
needs.
Subject to security requirements the organisation will also need designated personnel to visit the
store, without providing prior notice, to confirm that the service is being provided to the standard
specified in the contract.
03 February 2012
Page 57 of 67
Identifying and specifying requirements for offsite storage of physical records
Additionally the supporting systems should be used to produce specific reports to identify if the
organisation’s use of the offsite store has grown out of control, or beyond its original scope.
Auditing and Reporting
Develop and specify
appropriate
communication lines for
reporting activities to the
organisation from the
contractor .
Start
Have appropriate
individuals been
appointed monitoring
roles?
Develop appropriate
roles within the
organisation responsible
for monitoring the use of
the offsite store.
Yes
Have incident
reporting lines been
specified?
No
Define what statistical
data is desired to inform
on the general usage of
the offsite store by the
organisation.
No
Yes
No
Are there suitable
systems in place to
provide key usage
statistics?
Yes
End
10.1 Monitoring use of the offsite store
An organisation should work in partnership with a contractor to monitor the usage of the offsite
store. This should include audit reports detailing how the offsite store is used in terms of
retrieving and sending records offsite.
Where an organisation has a secondary (or in-house) storage facility the use of this should be
audited and reported in exactly the same way so as to ensure a completely accurate assessment
of record storage usage.
03 February 2012
Page 58 of 67
Identifying and specifying requirements for offsite storage of physical records
No: 8.0
Consideration:
Provide an oversight team to monitor use of the offsite store and customer
satisfaction
Rationale:
Ensuring that an offsite store remains cost effective and efficient is an important task when
ensuring the long-term success of an offsite store. The organisation must monitor levels of
use, and type of use, of the offsite store. If there is no strategy in place for monitoring how
the offsite store is used it can become very poorly used and unreasonable demands might
be placed on the contractor at a potentially increased cost to the organisation. Or in a worstcase scenario there might be a failure of the entire service.
Questions:
Q84. Can the organisation provide adequate resource to monitor use of an offsite store?
Q85. Does the record/information management team have sufficient authority (or senior
support) to execute decisions regarding poor or inappropriate use of an offsite store?
Outcomes:
A84.
Monitoring usage of an offsite store should not be seen as an ad hoc process but part
of the full time records management function. In order to accurately and correctly
assess the use of an offsite store the organisation must make provision for resource
to perform routine audit and reporting duties on use of the offsite store.
If there is not a committed resource the organisation risks the use of the offsite store
becoming poorly used. This inefficiency could lead to significant costs.
A85. Producing reports and auditing usage of the offsite store will only be of use if the
information can be acted upon. If there is a clear pattern of bad practice in one area of
the organisation the record management staff must be able to articulate the problem
with support from senior levels.
If records management staff are not given the authority to affect change when
problems are identified the organisation could incur significant loss of operational
efficiency and increased costs.
10.2 Reporting incidents and maintaining communications
As well as an organisation monitoring its usage of the offsite store, it should be expected that the
contractor contribute to the effective management of the offsite store. The contractor should have
means to report issues and concerns back to the organisation where it has concerns or an
incident has occurred.
03 February 2012
Page 59 of 67
Identifying and specifying requirements for offsite storage of physical records
No: 8.1
Consideration:
Establish clear communication channels for incident reporting
Rationale:
The organisation needs to be able to monitor the pattern, pace and frequency of retrieval by
both individual users and business units. This is partially to review and identify changes in
business need (which can then lead to agreed variations in the contracted service), but also
to permit forensic investigations where a security breach may have occurred. Therefore the
contractor must be able to produce on demand appropriate statistics, in the form of reports,
and do this within a specified time to the organisation. These should be based on known
specified criteria relevant to the organisation including (but not limited) to the following
elements individually and in any combination:
date range
category type
individual file reference
business units using the records
individual users requesting the files
volumes of requests over specified periods
retrieval service interval used
Auditing the offsite store must link in to the overall current records use as part of a higher
level audit of the organisation’s record management provision. If the organisation is unable
to effectively monitor the use of the offsite store, there is a significant risk it may not be
meeting the current business need at an unnecessary cost in resource and money.
Questions:
Q86. Is there a clear method of communication between the offsite store and the records
manager(s) of the organisation?
Outcomes:
A86. Successful reporting relies on the contractor knowing who to talk to on any subject
(not just in an emergency). As part of the process of planning for an offsite store the
organisation must detail how communications for issues are to be reported to the
organisation.
For example it may not be appropriate, or useful, to have a telephone conversation
detailing the number of emergency requests for records, in such case it would be
more useful for a report to be produced and made available to the organisation.
Conversely if there is a significant damage to records through flood or fire it will be
vital that the organisation can be made aware of this immediately.
03 February 2012
Page 60 of 67
Identifying and specifying requirements for offsite storage of physical records
11
Exit strategy
Eventually the organisation may need to move its records from the offsite store. There are likely
to be significant reasons for this and it is imperative that the organisation can ensure all the
records, and associated information, can be removed from the contractor’s systems in a usable
format prior to entering into a contract with them.
Exiting from an existing contract is likely to be expensive and this section is intended principally
for the when the life of the agreement is reached and the organisation is looking to move to a
new supplier. In practice the organisation may decide that the current contractor is providing the
most cost efficient service. Irrespective of whether the organisation decides to move to a new
contractor or retain the current one’s service the exit strategy must still be agreed and in place
prior to agreeing a new contract.
It should also be noted that another possible exit scenario involves the records remaining in situ
but a new contractor taking over management of the offsite store. In this event the considerations
below are still valid.
Exit Strategy
Identify the expected level
of cooperation from a
contractor on exiting the
contractor (i.e. transport of
records and export of any
key data).
Start
Has the cost of
removing records at the
end of a contract been
agreed?
Discuss and establish
realistic costs for uplift
of records from the
offsite store at the end
of a contract.
Yes
No
Define what statistical
data is desired for
export on exiting the
storage contract (i.e.
Record location, owner,
disposal schedule).
Has the
required level of support
for an uplift been
specified?
No
Yes
No
Can the
supporting systems
export usable data for the
records being
moved?
Yes
End
03 February 2012
Page 61 of 67
Identifying and specifying requirements for offsite storage of physical records
11.1 Developing the exit strategy
Part of an organisation’s implementation plan should include how the organisation will remove its
records and related information when the contract is finished. An inadequate exit strategy could
lead to significant costs and effort in removing records and related metadata.
No: 9.0
Consideration:
Establish and agree costs for an uplift of records from the offsite store at the end of
a contract
Rationale:
Before an organisation agrees to place records with a contractor it needs to be clear on what
it expects when the contract has finished. Specifically it needs to agree the likely costs of a
significant uplift of records from the offsite store to another location.
Offsite storage contracts are often made for very long periods of time, and in practice it is
unlikely a contractor will agree a fixed sum for uplifting records.
The key point an organisation has to agree is that the contractor will assist with the relocation
as much as is reasonable for them to do so. This must include correct tracking and movement
of all records as appropriate depending on the strategy used to relocate the records.
The exit strategy must ensure no loss of data or records. It must be agreed and understood
by both the organisation and the contractor to ensure this.
Questions:
Q87. Is the contractor capable of managing a significant transfer of records?
03 February 2012
Page 62 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A87.
Relocating an offsite store’s contents is a significant operation. Whilst it is likely to be
carried out in a staged process each stage may involve relocating thousands of
records. The organisation must seek evidence that the contractor is capable of such
significant movements of records, and that every record will be accurately tracked as
they are relocated.
In addition the contractor must be able to demonstrate that it can export any data held
in its tracking systems. If this is not possible then the organisation risks losing not only
the ability to confirm the transfer, but also lose relevant data such as the records owner
and disposal schedule.
The ability to track large movements of records may not be limited to an exit strategy,
and a contractor must demonstrate it can cope with any potential large transfers of
records. If the contractor cannot then there is a risk that records will become lost or
untraceable once relocated.
No: 9.1
Consideration:
Specify the actions and data required for exporting all information held on any
systems the contractor uses to track the records
Rationale:
Record tracking systems can be used to retain key information about records held in the
offsite store, such as owner, dates, and disposal schedule. An organisation must ensure that
all data can be exported in a usable format from the current systems.
The exit strategy must ensure be agreed and understood by both the organisation and the
contractor to ensure there is a mitigated risk against data loss.
Questions:
Q88. Can the system export data for the records in a usable open standard format (for
example, csv or xml)?
Q89. Is the contractor capable of managing a significant export of data?
Q90. Does the contractor have effective means of tracking/auditing the export of data for
records from any electronic systems?
03 February 2012
Page 63 of 67
Identifying and specifying requirements for offsite storage of physical records
Outcomes:
A88.
Any database system must be able to export its data in a format that can be used by
another similar database system. Not all systems will use the same means of
managing the data but it is crucial that the format of an export is in a common open
standard format such as csv or xml.
If the data is not exportable in a usable format the organisation risks losing significant
information regarding the management of its records that it may not be possible to
recreate.
A89. The organisation must seek evidence that the contractor (or owner of the systems) is
capable of exporting data from the record tracking systems. The ability to export large
volumes of metadata may not be limited to an exit strategy, and a contractor will need
to demonstrate it can cope with any potential large exports at anytime. If the contractor
cannot do this there is a risk metadata will become lost.
A90. Whenever a system exports metadata it must be able to audit the whole process to
identify as a minimum:
When it was exported?
What was exported?
Who exported it?
What was the reason for the export?
It is vital to the security and integrity of the records being transferred that this
information is available for the contractor to verify the export was valid and authorised,
and that everything that should have been exported was.
12
Purchasing
12.1 Assessing the contractor
This guide does not specify how an organisation may choose to select an offsite store outside of
the provision that the contractor meet the specified levels of service detailed in an Invitation to
Tender. However an organisation should ensure that the selected contractor is economically
secure.
03 February 2012
Page 64 of 67
Identifying and specifying requirements for offsite storage of physical records
Where an organisation relocates a large number of records to an offsite site and then the
contractor goes out of business, there could be a significant impact on both operational efficiency
and cost of moving the records to another location.
12.2 Purchasing frameworks
Owing to the variety of ways a service may be purchased this document does not prescribe how
an organisation should tender and contract an offsite store. Every organisation must identify its
statutory and regulatory purchasing frameworks to ensure that the services are purchased using
the correct procedures.
Failure to purchase under the specific guidelines could lead to a serious issue possibly involving
compensation to other potential contractors disadvantaged by incorrect purchasing processes.
12.3 Shared services
It is vital that a contract meets the organisation’s business need but it does not have to be an
individually purchased service. As identified in the National Audit Office report, Improving
Corporate Functions Using Shared Services, purchasing an offsite storage contract service with
other organisations could provide greater negotiating power over costs such as price of storage,
retrieval charges, other services and support system costs.
If an organisation does decide to enter into a shared service for an offsite store it must be
confident that the procured contract meets their key business needs and represents best value
for money for that organisation.
12.4 Understanding contractors’ charging models
As well as the obvious costs of storing and retrieving records there are other services that may
be offered by an offsite storage provider. These can range from managing the appraisal and
disposal of records to the provision of digital surrogates as an alternative to retrieving records.
Not all of these services will be of use to an organisation, but it is likely some will. When
evaluating bids for an offsite store, the organisation may need to look beyond merely the
cheapest provision of storage and retrieval. According to the level of demand for additional
services, which may fluctuate over time, the choice of a contractor that can provide the full
required level of service may be different. It is recommended that in comparing costs, the
03 February 2012
Page 65 of 67
Identifying and specifying requirements for offsite storage of physical records
organisation seeks to understand the charging model of the potential provider(s) and tests them
against different variables.
13
Further reading
13.1 Legislation
All public bodies will be affected by information legislation. You must consider this when
specifying certain aspects of an offsite storage service. Note that there may be other legislation
pertinent to the organisation and it will be necessary to refer to those as well.
Public Records Act 1958 (c. 51)
Data Protection Act 1998 (c. 29)
Freedom of Information Act 2000 (c. 36)
Environmental Information Regulations 1992/3240
13.2 Relevant standards and other references
There are also a range of British and International standards which will provide useful information
on certain aspects of record management and storage of records.
BSI publications: shop.bsigroup.com
British Standards Institution BSi DISC PD0008: 1999 Code of Practice for Legal
Admissibility and Evidential Weight of Information Stored Electronically
British Standards Institution BSi DISC PD0018: 2001 Code of Practice: Information
Management Systems: Building Systems fit for Audit
ISO publications: www.iso.org/iso/en/prods-services/ISOstore/store.html
International Standards Organisation ISO 17799 / BS7799 Information Security
Management
International Standards Organisation ISO 15489 Information and Documentation: Records
Management, 2 volumes 2001
03 February 2012
Page 66 of 67
Identifying and specifying requirements for offsite storage of physical records
International Standards Organisation ISO 9001: 2000 Quality management systems:
Requirements
International Standards Organisation ISO 23950 Information and Documentation:
Information retrieval (Z39.50): application service definition and protocol specification
National Audit Office: www.nao.org.uk/publications/0708/improving_corporate_functions.aspx
Improving Corporate Functions Using Shared Services 2007
03 February 2012
Page 67 of 67